Gentoo Linux Security Advisory 202408-21
Gentoo Linux Security Advisory 202408-21 - Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. Versions earlier than 2.2.0 are affected.
Gentoo Linux Security Advisory GLSA 202408-21
https://security.gentoo.org/
Severity: Normal
Title: GPAC: Multiple Vulnerabilities
Date: August 10, 2024
Bugs: #785649, #835341
ID: 202408-21
Synopsis
Multiple vulnerabilities have been discovered in GPAC, the worst of
which could lead to arbitrary code execution.
Background
GPAC is an implementation of the MPEG-4 Systems standard developed from
scratch in ANSI C.
Affected packages
Package           Vulnerable    Unaffected
----------------  ------------  ------------
media-video/gpac  < 2.2.0       >= 2.2.0
Description
Multiple vulnerabilities have been discovered in GPAC. Please review the
CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All GPAC users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose ">=media-video/gpac-2.2.0"
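To confirm the upgrade took effect, the following check compares every installed media-video/gpac version against the 2.2.0 threshold from the table above. It is an added example, not part of the Gentoo advisory; it assumes the Portage installed-package database lives at /var/db/pkg, the function names are hypothetical, and version suffixes such as _p1 are ignored in the comparison.

```shell
#!/bin/sh
# Added example (not from the GLSA): flag installed media-video/gpac
# versions that fall in the vulnerable range "< 2.2.0".

FIXED_VERSION="2.2.0"        # first unaffected version, from the advisory
PKG_CATEGORY="media-video"
PKG_NAME="gpac"

# version_lt A B: succeed when dotted version A is strictly lower than B.
# Components are compared numerically, so 2.10.0 is newer than 2.2.0.
# Simplification: suffixes such as _p1 or _rc2 are ignored.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1   # equal versions are not "lower than"
    }'
}

# installed_gpac_versions [VDB]: print each installed gpac version found in
# the package database (assumed default: /var/db/pkg), without the -rN
# ebuild revision.
installed_gpac_versions() {
    vdb="${1:-/var/db/pkg}"
    for d in "$vdb/$PKG_CATEGORY/$PKG_NAME"-[0-9]*; do
        [ -d "$d" ] || continue
        base=${d##*/}
        printf '%s\n' "${base#"$PKG_NAME"-}" | sed 's/-r[0-9][0-9]*$//'
    done
}

# check_gpac [VDB]: report every installed version; return 1 if any of them
# is still below FIXED_VERSION, 0 otherwise (including "not installed").
check_gpac() {
    vdb="${1:-/var/db/pkg}"
    rc=0
    found=0
    for v in $(installed_gpac_versions "$vdb"); do
        found=1
        if version_lt "$v" "$FIXED_VERSION"; then
            echo "VULNERABLE: $PKG_CATEGORY/$PKG_NAME-$v is < $FIXED_VERSION"
            rc=1
        else
            echo "OK: $PKG_CATEGORY/$PKG_NAME-$v is >= $FIXED_VERSION"
        fi
    done
    [ "$found" -eq 1 ] || echo "$PKG_CATEGORY/$PKG_NAME is not installed"
    return "$rc"
}

# Check the real Portage database, or a directory passed as the first argument.
check_gpac "${1:-/var/db/pkg}"
```

The exit status is non-zero while any installed version is still in the vulnerable range, so the script can gate a configuration-management run or a CI job.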
References
[ 1 ] CVE-2020-22673
https://nvd.nist.gov/vuln/detail/CVE-2020-22673
[ 2 ] CVE-2020-22674
https://nvd.nist.gov/vuln/detail/CVE-2020-22674
[ 3 ] CVE-2020-22675
https://nvd.nist.gov/vuln/detail/CVE-2020-22675
[ 4 ] CVE-2020-22677
https://nvd.nist.gov/vuln/detail/CVE-2020-22677
[ 5 ] CVE-2020-22678
https://nvd.nist.gov/vuln/detail/CVE-2020-22678
[ 6 ] CVE-2020-22679
https://nvd.nist.gov/vuln/detail/CVE-2020-22679
[ 7 ] CVE-2020-25427
https://nvd.nist.gov/vuln/detail/CVE-2020-25427
[ 8 ] CVE-2020-35979
https://nvd.nist.gov/vuln/detail/CVE-2020-35979
[ 9 ] CVE-2020-35980
https://nvd.nist.gov/vuln/detail/CVE-2020-35980
[ 10 ] CVE-2020-35981
https://nvd.nist.gov/vuln/detail/CVE-2020-35981
[ 11 ] CVE-2020-35982
https://nvd.nist.gov/vuln/detail/CVE-2020-35982
[ 12 ] CVE-2021-4043
https://nvd.nist.gov/vuln/detail/CVE-2021-4043
[ 13 ] CVE-2021-21834
https://nvd.nist.gov/vuln/detail/CVE-2021-21834
[ 14 ] CVE-2021-21835
https://nvd.nist.gov/vuln/detail/CVE-2021-21835
[ 15 ] CVE-2021-21836
https://nvd.nist.gov/vuln/detail/CVE-2021-21836
[ 16 ] CVE-2021-21837
https://nvd.nist.gov/vuln/detail/CVE-2021-21837
[ 17 ] CVE-2021-21838
https://nvd.nist.gov/vuln/detail/CVE-2021-21838
[ 18 ] CVE-2021-21839
https://nvd.nist.gov/vuln/detail/CVE-2021-21839
[ 19 ] CVE-2021-21840
https://nvd.nist.gov/vuln/detail/CVE-2021-21840
[ 20 ] CVE-2021-21841
https://nvd.nist.gov/vuln/detail/CVE-2021-21841
[ 21 ] CVE-2021-21842
https://nvd.nist.gov/vuln/detail/CVE-2021-21842
[ 22 ] CVE-2021-21843
https://nvd.nist.gov/vuln/detail/CVE-2021-21843
[ 23 ] CVE-2021-21844
https://nvd.nist.gov/vuln/detail/CVE-2021-21844
[ 24 ] CVE-2021-21845
https://nvd.nist.gov/vuln/detail/CVE-2021-21845
[ 25 ] CVE-2021-21846
https://nvd.nist.gov/vuln/detail/CVE-2021-21846
[ 26 ] CVE-2021-21847
https://nvd.nist.gov/vuln/detail/CVE-2021-21847
[ 27 ] CVE-2021-21848
https://nvd.nist.gov/vuln/detail/CVE-2021-21848
[ 28 ] CVE-2021-21849
https://nvd.nist.gov/vuln/detail/CVE-2021-21849
[ 29 ] CVE-2021-21850
https://nvd.nist.gov/vuln/detail/CVE-2021-21850
[ 30 ] CVE-2021-21851
https://nvd.nist.gov/vuln/detail/CVE-2021-21851
[ 31 ] CVE-2021-21852
https://nvd.nist.gov/vuln/detail/CVE-2021-21852
[ 32 ] CVE-2021-21853
https://nvd.nist.gov/vuln/detail/CVE-2021-21853
[ 33 ] CVE-2021-21854
https://nvd.nist.gov/vuln/detail/CVE-2021-21854
[ 34 ] CVE-2021-21855
https://nvd.nist.gov/vuln/detail/CVE-2021-21855
[ 35 ] CVE-2021-21856
https://nvd.nist.gov/vuln/detail/CVE-2021-21856
[ 36 ] CVE-2021-21857
https://nvd.nist.gov/vuln/detail/CVE-2021-21857
[ 37 ] CVE-2021-21858
https://nvd.nist.gov/vuln/detail/CVE-2021-21858
[ 38 ] CVE-2021-21859
https://nvd.nist.gov/vuln/detail/CVE-2021-21859
[ 39 ] CVE-2021-21860
https://nvd.nist.gov/vuln/detail/CVE-2021-21860
[ 40 ] CVE-2021-21861
https://nvd.nist.gov/vuln/detail/CVE-2021-21861
[ 41 ] CVE-2021-21862
https://nvd.nist.gov/vuln/detail/CVE-2021-21862
[ 42 ] CVE-2021-30014
https://nvd.nist.gov/vuln/detail/CVE-2021-30014
[ 43 ] CVE-2021-30015
https://nvd.nist.gov/vuln/detail/CVE-2021-30015
[ 44 ] CVE-2021-30019
https://nvd.nist.gov/vuln/detail/CVE-2021-30019
[ 45 ] CVE-2021-30020
https://nvd.nist.gov/vuln/detail/CVE-2021-30020
[ 46 ] CVE-2021-30022
https://nvd.nist.gov/vuln/detail/CVE-2021-30022
[ 47 ] CVE-2021-30199
https://nvd.nist.gov/vuln/detail/CVE-2021-30199
[ 48 ] CVE-2021-31254
https://nvd.nist.gov/vuln/detail/CVE-2021-31254
[ 49 ] CVE-2021-31255
https://nvd.nist.gov/vuln/detail/CVE-2021-31255
[ 50 ] CVE-2021-31256
https://nvd.nist.gov/vuln/detail/CVE-2021-31256
[ 51 ] CVE-2021-31257
https://nvd.nist.gov/vuln/detail/CVE-2021-31257
[ 52 ] CVE-2021-31258
https://nvd.nist.gov/vuln/detail/CVE-2021-31258
[ 53 ] CVE-2021-31259
https://nvd.nist.gov/vuln/detail/CVE-2021-31259
[ 54 ] CVE-2021-31260
https://nvd.nist.gov/vuln/detail/CVE-2021-31260
[ 55 ] CVE-2021-31261
https://nvd.nist.gov/vuln/detail/CVE-2021-31261
[ 56 ] CVE-2021-31262
https://nvd.nist.gov/vuln/detail/CVE-2021-31262
[ 57 ] CVE-2021-32132
https://nvd.nist.gov/vuln/detail/CVE-2021-32132
[ 58 ] CVE-2021-32134
https://nvd.nist.gov/vuln/detail/CVE-2021-32134
[ 59 ] CVE-2021-32135
https://nvd.nist.gov/vuln/detail/CVE-2021-32135
[ 60 ] CVE-2021-32136
https://nvd.nist.gov/vuln/detail/CVE-2021-32136
[ 61 ] CVE-2021-32137
https://nvd.nist.gov/vuln/detail/CVE-2021-32137
[ 62 ] CVE-2021-32138
https://nvd.nist.gov/vuln/detail/CVE-2021-32138
[ 63 ] CVE-2021-32139
https://nvd.nist.gov/vuln/detail/CVE-2021-32139
[ 64 ] CVE-2021-32437
https://nvd.nist.gov/vuln/detail/CVE-2021-32437
[ 65 ] CVE-2021-32438
https://nvd.nist.gov/vuln/detail/CVE-2021-32438
[ 66 ] CVE-2021-32439
https://nvd.nist.gov/vuln/detail/CVE-2021-32439
[ 67 ] CVE-2021-32440
https://nvd.nist.gov/vuln/detail/CVE-2021-32440
[ 68 ] CVE-2021-33361
https://nvd.nist.gov/vuln/detail/CVE-2021-33361
[ 69 ] CVE-2021-33362
https://nvd.nist.gov/vuln/detail/CVE-2021-33362
[ 70 ] CVE-2021-33363
https://nvd.nist.gov/vuln/detail/CVE-2021-33363
[ 71 ] CVE-2021-33364
https://nvd.nist.gov/vuln/detail/CVE-2021-33364
[ 72 ] CVE-2021-33365
https://nvd.nist.gov/vuln/detail/CVE-2021-33365
[ 73 ] CVE-2021-33366
https://nvd.nist.gov/vuln/detail/CVE-2021-33366
[ 74 ] CVE-2021-36412
https://nvd.nist.gov/vuln/detail/CVE-2021-36412
[ 75 ] CVE-2021-36414
https://nvd.nist.gov/vuln/detail/CVE-2021-36414
[ 76 ] CVE-2021-36417
https://nvd.nist.gov/vuln/detail/CVE-2021-36417
[ 77 ] CVE-2021-36584
https://nvd.nist.gov/vuln/detail/CVE-2021-36584
[ 78 ] CVE-2021-40559
https://nvd.nist.gov/vuln/detail/CVE-2021-40559
[ 79 ] CVE-2021-40562
https://nvd.nist.gov/vuln/detail/CVE-2021-40562
[ 80 ] CVE-2021-40563
https://nvd.nist.gov/vuln/detail/CVE-2021-40563
[ 81 ] CVE-2021-40564
https://nvd.nist.gov/vuln/detail/CVE-2021-40564
[ 82 ] CVE-2021-40565
https://nvd.nist.gov/vuln/detail/CVE-2021-40565
[ 83 ] CVE-2021-40566
https://nvd.nist.gov/vuln/detail/CVE-2021-40566
[ 84 ] CVE-2021-40567
https://nvd.nist.gov/vuln/detail/CVE-2021-40567
[ 85 ] CVE-2021-40568
https://nvd.nist.gov/vuln/detail/CVE-2021-40568
[ 86 ] CVE-2021-40569
https://nvd.nist.gov/vuln/detail/CVE-2021-40569
[ 87 ] CVE-2021-40570
https://nvd.nist.gov/vuln/detail/CVE-2021-40570
[ 88 ] CVE-2021-40571
https://nvd.nist.gov/vuln/detail/CVE-2021-40571
[ 89 ] CVE-2021-40572
https://nvd.nist.gov/vuln/detail/CVE-2021-40572
[ 90 ] CVE-2021-40573
https://nvd.nist.gov/vuln/detail/CVE-2021-40573
[ 91 ] CVE-2021-40574
https://nvd.nist.gov/vuln/detail/CVE-2021-40574
[ 92 ] CVE-2021-40575
https://nvd.nist.gov/vuln/detail/CVE-2021-40575
[ 93 ] CVE-2021-40576
https://nvd.nist.gov/vuln/detail/CVE-2021-40576
[ 94 ] CVE-2021-40592
https://nvd.nist.gov/vuln/detail/CVE-2021-40592
[ 95 ] CVE-2021-40606
https://nvd.nist.gov/vuln/detail/CVE-2021-40606
[ 96 ] CVE-2021-40607
https://nvd.nist.gov/vuln/detail/CVE-2021-40607
[ 97 ] CVE-2021-40608
https://nvd.nist.gov/vuln/detail/CVE-2021-40608
[ 98 ] CVE-2021-40609
https://nvd.nist.gov/vuln/detail/CVE-2021-40609
[ 99 ] CVE-2021-40942
https://nvd.nist.gov/vuln/detail/CVE-2021-40942
[ 100 ] CVE-2021-40944
https://nvd.nist.gov/vuln/detail/CVE-2021-40944
[ 101 ] CVE-2021-41456
https://nvd.nist.gov/vuln/detail/CVE-2021-41456
[ 102 ] CVE-2021-41457
https://nvd.nist.gov/vuln/detail/CVE-2021-41457
[ 103 ] CVE-2021-41458
https://nvd.nist.gov/vuln/detail/CVE-2021-41458
[ 104 ] CVE-2021-41459
https://nvd.nist.gov/vuln/detail/CVE-2021-41459
[ 105 ] CVE-2021-44918
https://nvd.nist.gov/vuln/detail/CVE-2021-44918
[ 106 ] CVE-2021-44919
https://nvd.nist.gov/vuln/detail/CVE-2021-44919
[ 107 ] CVE-2021-44920
https://nvd.nist.gov/vuln/detail/CVE-2021-44920
[ 108 ] CVE-2021-44921
https://nvd.nist.gov/vuln/detail/CVE-2021-44921
[ 109 ] CVE-2021-44922
https://nvd.nist.gov/vuln/detail/CVE-2021-44922
[ 110 ] CVE-2021-44923
https://nvd.nist.gov/vuln/detail/CVE-2021-44923
[ 111 ] CVE-2021-44924
https://nvd.nist.gov/vuln/detail/CVE-2021-44924
[ 112 ] CVE-2021-44925
https://nvd.nist.gov/vuln/detail/CVE-2021-44925
[ 113 ] CVE-2021-44926
https://nvd.nist.gov/vuln/detail/CVE-2021-44926
[ 114 ] CVE-2021-44927
https://nvd.nist.gov/vuln/detail/CVE-2021-44927
[ 115 ] CVE-2021-45258
https://nvd.nist.gov/vuln/detail/CVE-2021-45258
[ 116 ] CVE-2021-45259
https://nvd.nist.gov/vuln/detail/CVE-2021-45259
[ 117 ] CVE-2021-45260
https://nvd.nist.gov/vuln/detail/CVE-2021-45260
[ 118 ] CVE-2021-45262
https://nvd.nist.gov/vuln/detail/CVE-2021-45262
[ 119 ] CVE-2021-45263
https://nvd.nist.gov/vuln/detail/CVE-2021-45263
[ 120 ] CVE-2021-45266
https://nvd.nist.gov/vuln/detail/CVE-2021-45266
[ 121 ] CVE-2021-45267
https://nvd.nist.gov/vuln/detail/CVE-2021-45267
[ 122 ] CVE-2021-45288
https://nvd.nist.gov/vuln/detail/CVE-2021-45288
[ 123 ] CVE-2021-45289
https://nvd.nist.gov/vuln/detail/CVE-2021-45289
[ 124 ] CVE-2021-45291
https://nvd.nist.gov/vuln/detail/CVE-2021-45291
[ 125 ] CVE-2021-45292
https://nvd.nist.gov/vuln/detail/CVE-2021-45292
[ 126 ] CVE-2021-45297
https://nvd.nist.gov/vuln/detail/CVE-2021-45297
[ 127 ] CVE-2021-45760
https://nvd.nist.gov/vuln/detail/CVE-2021-45760
[ 128 ] CVE-2021-45762
https://nvd.nist.gov/vuln/detail/CVE-2021-45762
[ 129 ] CVE-2021-45763
https://nvd.nist.gov/vuln/detail/CVE-2021-45763
[ 130 ] CVE-2021-45764
https://nvd.nist.gov/vuln/detail/CVE-2021-45764
[ 131 ] CVE-2021-45767
https://nvd.nist.gov/vuln/detail/CVE-2021-45767
[ 132 ] CVE-2021-45831
https://nvd.nist.gov/vuln/detail/CVE-2021-45831
[ 133 ] CVE-2021-46038
https://nvd.nist.gov/vuln/detail/CVE-2021-46038
[ 134 ] CVE-2021-46039
https://nvd.nist.gov/vuln/detail/CVE-2021-46039
[ 135 ] CVE-2021-46040
https://nvd.nist.gov/vuln/detail/CVE-2021-46040
[ 136 ] CVE-2021-46041
https://nvd.nist.gov/vuln/detail/CVE-2021-46041
[ 137 ] CVE-2021-46042
https://nvd.nist.gov/vuln/detail/CVE-2021-46042
[ 138 ] CVE-2021-46043
https://nvd.nist.gov/vuln/detail/CVE-2021-46043
[ 139 ] CVE-2021-46044
https://nvd.nist.gov/vuln/detail/CVE-2021-46044
[ 140 ] CVE-2021-46045
https://nvd.nist.gov/vuln/detail/CVE-2021-46045
[ 141 ] CVE-2021-46046
https://nvd.nist.gov/vuln/detail/CVE-2021-46046
[ 142 ] CVE-2021-46047
https://nvd.nist.gov/vuln/detail/CVE-2021-46047
[ 143 ] CVE-2021-46049
https://nvd.nist.gov/vuln/detail/CVE-2021-46049
[ 144 ] CVE-2021-46051
https://nvd.nist.gov/vuln/detail/CVE-2021-46051
[ 145 ] CVE-2021-46234
https://nvd.nist.gov/vuln/detail/CVE-2021-46234
[ 146 ] CVE-2021-46236
https://nvd.nist.gov/vuln/detail/CVE-2021-46236
[ 147 ] CVE-2021-46237
https://nvd.nist.gov/vuln/detail/CVE-2021-46237
[ 148 ] CVE-2021-46238
https://nvd.nist.gov/vuln/detail/CVE-2021-46238
[ 149 ] CVE-2021-46239
https://nvd.nist.gov/vuln/detail/CVE-2021-46239
[ 150 ] CVE-2021-46240
https://nvd.nist.gov/vuln/detail/CVE-2021-46240
[ 151 ] CVE-2021-46311
https://nvd.nist.gov/vuln/detail/CVE-2021-46311
[ 152 ] CVE-2021-46313
https://nvd.nist.gov/vuln/detail/CVE-2021-46313
[ 153 ] CVE-2022-1035
https://nvd.nist.gov/vuln/detail/CVE-2022-1035
[ 154 ] CVE-2022-1172
https://nvd.nist.gov/vuln/detail/CVE-2022-1172
[ 155 ] CVE-2022-1222
https://nvd.nist.gov/vuln/detail/CVE-2022-1222
[ 156 ] CVE-2022-1441
https://nvd.nist.gov/vuln/detail/CVE-2022-1441
[ 157 ] CVE-2022-1795
https://nvd.nist.gov/vuln/detail/CVE-2022-1795
[ 158 ] CVE-2022-2453
https://nvd.nist.gov/vuln/detail/CVE-2022-2453
[ 159 ] CVE-2022-2454
https://nvd.nist.gov/vuln/detail/CVE-2022-2454
[ 160 ] CVE-2022-2549
https://nvd.nist.gov/vuln/detail/CVE-2022-2549
[ 161 ] CVE-2022-3178
https://nvd.nist.gov/vuln/detail/CVE-2022-3178
[ 162 ] CVE-2022-3222
https://nvd.nist.gov/vuln/detail/CVE-2022-3222
[ 163 ] CVE-2022-3957
https://nvd.nist.gov/vuln/detail/CVE-2022-3957
[ 164 ] CVE-2022-4202
https://nvd.nist.gov/vuln/detail/CVE-2022-4202
[ 165 ] CVE-2022-24249
https://nvd.nist.gov/vuln/detail/CVE-2022-24249
[ 166 ] CVE-2022-24574
https://nvd.nist.gov/vuln/detail/CVE-2022-24574
[ 167 ] CVE-2022-24575
https://nvd.nist.gov/vuln/detail/CVE-2022-24575
[ 168 ] CVE-2022-24576
https://nvd.nist.gov/vuln/detail/CVE-2022-24576
[ 169 ] CVE-2022-24577
https://nvd.nist.gov/vuln/detail/CVE-2022-24577
[ 170 ] CVE-2022-24578
https://nvd.nist.gov/vuln/detail/CVE-2022-24578
[ 171 ] CVE-2022-26967
https://nvd.nist.gov/vuln/detail/CVE-2022-26967
[ 172 ] CVE-2022-27145
https://nvd.nist.gov/vuln/detail/CVE-2022-27145
[ 173 ] CVE-2022-27146
https://nvd.nist.gov/vuln/detail/CVE-2022-27146
[ 174 ] CVE-2022-27147
https://nvd.nist.gov/vuln/detail/CVE-2022-27147
[ 175 ] CVE-2022-27148
https://nvd.nist.gov/vuln/detail/CVE-2022-27148
[ 176 ] CVE-2022-29339
https://nvd.nist.gov/vuln/detail/CVE-2022-29339
[ 177 ] CVE-2022-29340
https://nvd.nist.gov/vuln/detail/CVE-2022-29340
[ 178 ] CVE-2022-29537
https://nvd.nist.gov/vuln/detail/CVE-2022-29537
[ 179 ] CVE-2022-30976
https://nvd.nist.gov/vuln/detail/CVE-2022-30976
[ 180 ] CVE-2022-36186
https://nvd.nist.gov/vuln/detail/CVE-2022-36186
[ 181 ] CVE-2022-36190
https://nvd.nist.gov/vuln/detail/CVE-2022-36190
[ 182 ] CVE-2022-36191
https://nvd.nist.gov/vuln/detail/CVE-2022-36191
[ 183 ] CVE-2022-38530
https://nvd.nist.gov/vuln/detail/CVE-2022-38530
[ 184 ] CVE-2022-43039
https://nvd.nist.gov/vuln/detail/CVE-2022-43039
[ 185 ] CVE-2022-43040
https://nvd.nist.gov/vuln/detail/CVE-2022-43040
[ 186 ] CVE-2022-43042
https://nvd.nist.gov/vuln/detail/CVE-2022-43042
[ 187 ] CVE-2022-43043
https://nvd.nist.gov/vuln/detail/CVE-2022-43043
[ 188 ] CVE-2022-43044
https://nvd.nist.gov/vuln/detail/CVE-2022-43044
[ 189 ] CVE-2022-43045
https://nvd.nist.gov/vuln/detail/CVE-2022-43045
[ 190 ] CVE-2022-43254
https://nvd.nist.gov/vuln/detail/CVE-2022-43254
[ 191 ] CVE-2022-43255
https://nvd.nist.gov/vuln/detail/CVE-2022-43255
[ 192 ] CVE-2022-45202
https://nvd.nist.gov/vuln/detail/CVE-2022-45202
[ 193 ] CVE-2022-45204
https://nvd.nist.gov/vuln/detail/CVE-2022-45204
[ 194 ] CVE-2022-45283
https://nvd.nist.gov/vuln/detail/CVE-2022-45283
[ 195 ] CVE-2022-45343
https://nvd.nist.gov/vuln/detail/CVE-2022-45343
[ 196 ] CVE-2022-46489
https://nvd.nist.gov/vuln/detail/CVE-2022-46489
[ 197 ] CVE-2022-46490
https://nvd.nist.gov/vuln/detail/CVE-2022-46490
[ 198 ] CVE-2022-47086
https://nvd.nist.gov/vuln/detail/CVE-2022-47086
[ 199 ] CVE-2022-47087
https://nvd.nist.gov/vuln/detail/CVE-2022-47087
[ 200 ] CVE-2022-47088
https://nvd.nist.gov/vuln/detail/CVE-2022-47088
[ 201 ] CVE-2022-47089
https://nvd.nist.gov/vuln/detail/CVE-2022-47089
[ 202 ] CVE-2022-47091
https://nvd.nist.gov/vuln/detail/CVE-2022-47091
[ 203 ] CVE-2022-47092
https://nvd.nist.gov/vuln/detail/CVE-2022-47092
[ 204 ] CVE-2022-47093
https://nvd.nist.gov/vuln/detail/CVE-2022-47093
[ 205 ] CVE-2022-47094
https://nvd.nist.gov/vuln/detail/CVE-2022-47094
[ 206 ] CVE-2022-47095
https://nvd.nist.gov/vuln/detail/CVE-2022-47095
[ 207 ] CVE-2022-47653
https://nvd.nist.gov/vuln/detail/CVE-2022-47653
[ 208 ] CVE-2022-47654
https://nvd.nist.gov/vuln/detail/CVE-2022-47654
[ 209 ] CVE-2022-47656
https://nvd.nist.gov/vuln/detail/CVE-2022-47656
[ 210 ] CVE-2022-47657
https://nvd.nist.gov/vuln/detail/CVE-2022-47657
[ 211 ] CVE-2022-47658
https://nvd.nist.gov/vuln/detail/CVE-2022-47658
[ 212 ] CVE-2022-47659
https://nvd.nist.gov/vuln/detail/CVE-2022-47659
[ 213 ] CVE-2022-47660
https://nvd.nist.gov/vuln/detail/CVE-2022-47660
[ 214 ] CVE-2022-47661
https://nvd.nist.gov/vuln/detail/CVE-2022-47661
[ 215 ] CVE-2022-47662
https://nvd.nist.gov/vuln/detail/CVE-2022-47662
[ 216 ] CVE-2022-47663
https://nvd.nist.gov/vuln/detail/CVE-2022-47663
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202408-21
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Related news
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261
GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process at filters/reframe_h263.c:609
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segmentation fault (stack overflow) due to infinite recursion in Media_GetSample at isomedia/media.c:662
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 has an integer overflow in isomedia/isom_write.c
GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_extension of media_tools/av_parsers.c:7662
GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273
GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.c:9113
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains an integer overflow vulnerability in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8316
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow.
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c
GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c.
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c.
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c
GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c.
GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.
A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214518 is the identifier assigned to this vulnerability.
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.
A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c.
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c.
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c.
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c.
Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.
Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.
GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD.
A heap-buffer-overflow occurs in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242.
GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.
A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full() at filter_core/filter_pid.c:5250, which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1.
NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV.
Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.1-DEV.
The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
In GPAC MP4Box 1.1.0, there is a Null pointer reference in the gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS).
In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS).
In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability.
GPAC versions before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contain a loop with unreachable exit condition ('infinite loop') vulnerability in the ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.
Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.
GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse an MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, the content read from `bs` is controllable by the user, and so is its length, which causes a buffer overflow.
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.
GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen. (gf_utf8_wcslen is a renamed Unicode utf8_wcslen function.)
A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871.
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.